CVE-2026-31583
- Source
- https://cve.org/CVERecord?id=CVE-2026-31583
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31583.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-31583
- Downstream
- Related
- Published
- 2026-04-24T14:42:12.923Z
- Modified
- 2026-06-03T03:54:25.187623918Z
- Summary
- media: em28xx: fix use-after-free in em28xx_v4l2_open()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
media: em28xx: fix use-after-free in em28xxv4l2open()
em28xxv4l2open() reads dev->v4l2 without holding dev->lock, creating a race with em28xxv4l2init()'s error path and em28xxv4l2fini(), both of which free the em28xx_v4l2 struct and set dev->v4l2 to NULL under dev->lock.
This race leads to two issues: - use-after-free in v4l2fhinit() when accessing vdev->ctrlhandler, since the videodevice is embedded in the freed em28xxv4l2 struct. - NULL pointer dereference in em28xxresolution_set() when accessing v4l2->norm, since dev->v4l2 has been set to NULL.
Fix this by moving the mutex_lock() before the dev->v4l2 read and adding a NULL check for dev->v4l2 under the lock.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31583.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/2cbf81f76842e46bdf25823c70e1db4044a65678
- https://git.kernel.org/stable/c/38a327221f7f765e7d853b7bafe47e342441ec85
- https://git.kernel.org/stable/c/3c0283a59e36e3707c4a81f4952e362d31f876b8
- https://git.kernel.org/stable/c/5fb2940327722b4684d2f964b54c1c90aa277324
- https://git.kernel.org/stable/c/6b9e66437cc6123ddedac141e1b8b6fcf57d2972
- https://git.kernel.org/stable/c/871b8ea8ef39a6c253594649f4339378fad3d0dd
- https://git.kernel.org/stable/c/a66485a934c7187ae8e36517d40615fa2e961cff
- https://git.kernel.org/stable/c/b5d141ea15f173f15b9f0a72965902f3428c0d92
- https://git.kernel.org/stable/c/dd2b888e08d3b3d6aacd65d76cd44fac11da750f
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31583.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-31583
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8139a4d583abad45eb987b5a99b3281b6d435b7eFixed3c0283a59e36e3707c4a81f4952e362d31f876b8Fixed2cbf81f76842e46bdf25823c70e1db4044a65678Fixed38a327221f7f765e7d853b7bafe47e342441ec85Fixedb5d141ea15f173f15b9f0a72965902f3428c0d92Fixed5fb2940327722b4684d2f964b54c1c90aa277324Fixed871b8ea8ef39a6c253594649f4339378fad3d0ddFixed6b9e66437cc6123ddedac141e1b8b6fcf57d2972Fixeddd2b888e08d3b3d6aacd65d76cd44fac11da750fFixeda66485a934c7187ae8e36517d40615fa2e961cff
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced3.16.0Fixed5.10.258
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.209
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.175
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.136
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.83
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.18.24
- Type
- ECOSYSTEM
- Events
-
Introduced6.19.0Fixed6.19.14
- Type
- ECOSYSTEM
- Events
-
Introduced6.20.0Fixed7.0.1